* [PATCH] monitor: fix buffer overflow when terminal width > 255
@ 2024-09-14 14:09 Celeste Liu
2024-09-14 16:02 ` bluez.test.bot
0 siblings, 1 reply; 3+ messages in thread
From: Celeste Liu @ 2024-09-14 14:09 UTC (permalink / raw)
To: Bluez; +Cc: Celeste Liu
In current code, we create line buffer with size 256, which can contains
255 ASCII characters. But in modern system, terminal can have larger
width. It may cause buffer overflow in snprintf() text.
We need allocate line buffer with size which can contains one line in
terminal. The size should be difficult to calculate because of multibyte
characters, but our code using line buffer assumed all characters has
1 byte size (e.g. when we put packet text into line buffer via
snprintf(), we calculate max size by 1B * col.), so it's safe to
allocate line buffer with col + 1.
Signed-off-by: Celeste Liu <CoelacanthusHex@gmail.com>
---
monitor/packet.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/monitor/packet.c b/monitor/packet.c
index c2599fe6864ab44d657c121fcc3ceecc1ebc52a6..3a21909116b341f782bcaf47c0cb3b880cb3a288 100644
--- a/monitor/packet.c
+++ b/monitor/packet.c
@@ -376,7 +376,8 @@ static void print_packet(struct timeval *tv, struct ucred *cred, char ident,
const char *text, const char *extra)
{
int col = num_columns();
- char line[256], ts_str[96], pid_str[140];
+ char ts_str[96], pid_str[140];
+ char *line = (char *) malloc(sizeof(char) * col + 1);
int n, ts_len = 0, ts_pos = 0, len = 0, pos = 0;
static size_t last_frame;
---
base-commit: 41f943630d9a03c40e95057b2ac3d96470b9c71e
change-id: 20240914-fix-log-buffer-overflow-9aa5e61ee5b8
Best regards,
--
Celeste Liu <CoelacanthusHex@gmail.com>
^ permalink raw reply related [flat|nested] 3+ messages in thread* RE: monitor: fix buffer overflow when terminal width > 255
2024-09-14 14:09 [PATCH] monitor: fix buffer overflow when terminal width > 255 Celeste Liu
@ 2024-09-14 16:02 ` bluez.test.bot
2024-09-14 16:12 ` Celeste Liu
0 siblings, 1 reply; 3+ messages in thread
From: bluez.test.bot @ 2024-09-14 16:02 UTC (permalink / raw)
To: linux-bluetooth, coelacanthushex
[-- Attachment #1: Type: text/plain, Size: 1579 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=890395
---Test result---
Test Summary:
CheckPatch PASS 0.49 seconds
GitLint PASS 0.35 seconds
BuildEll PASS 24.73 seconds
BluezMake PASS 1696.44 seconds
MakeCheck PASS 13.31 seconds
MakeDistcheck PASS 179.41 seconds
CheckValgrind PASS 256.32 seconds
CheckSmatch WARNING 358.63 seconds
bluezmakeextell PASS 120.73 seconds
IncrementalBuild PASS 1407.21 seconds
ScanBuild WARNING 1016.29 seconds
Details
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
monitor/packet.c: note: in included file:monitor/display.h:82:26: warning: Variable length array is used.monitor/packet.c:1868:26: warning: Variable length array is used.monitor/packet.c: note: in included file:monitor/bt.h:3606:52: warning: array of flexible structuresmonitor/bt.h:3594:40: warning: array of flexible structures
##############################
Test: ScanBuild - WARNING
Desc: Run Scan Build
Output:
monitor/packet.c:529:1: warning: Potential leak of memory pointed to by 'line'
}
^
1 warning generated.
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: monitor: fix buffer overflow when terminal width > 255
2024-09-14 16:02 ` bluez.test.bot
@ 2024-09-14 16:12 ` Celeste Liu
0 siblings, 0 replies; 3+ messages in thread
From: Celeste Liu @ 2024-09-14 16:12 UTC (permalink / raw)
To: linux-bluetooth
On 2024-09-15 00:02, bluez.test.bot@gmail.com wrote:
> This is automated email and please do not reply to this email!
>
> Dear submitter,
>
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=890395
>
> ---Test result---
>
> Test Summary:
> CheckPatch PASS 0.49 seconds
> GitLint PASS 0.35 seconds
> BuildEll PASS 24.73 seconds
> BluezMake PASS 1696.44 seconds
> MakeCheck PASS 13.31 seconds
> MakeDistcheck PASS 179.41 seconds
> CheckValgrind PASS 256.32 seconds
> CheckSmatch WARNING 358.63 seconds
> bluezmakeextell PASS 120.73 seconds
> IncrementalBuild PASS 1407.21 seconds
> ScanBuild WARNING 1016.29 seconds
>
> Details
> ##############################
> Test: CheckSmatch - WARNING
> Desc: Run smatch tool with source
> Output:
> monitor/packet.c: note: in included file:monitor/display.h:82:26: warning: Variable length array is used.monitor/packet.c:1868:26: warning: Variable length array is used.monitor/packet.c: note: in included file:monitor/bt.h:3606:52: warning: array of flexible structuresmonitor/bt.h:3594:40: warning: array of flexible structures
It's the code already there before I touch.
> ##############################
> Test: ScanBuild - WARNING
> Desc: Run Scan Build
> Output:
> monitor/packet.c:529:1: warning: Potential leak of memory pointed to by 'line'
v2 has been sent. Add forgot free() and send prefix "bluez".
> }
> ^
> 1 warning generated.
>
>
>
> ---
> Regards,
> Linux Bluetooth
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-09-14 16:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-14 14:09 [PATCH] monitor: fix buffer overflow when terminal width > 255 Celeste Liu
2024-09-14 16:02 ` bluez.test.bot
2024-09-14 16:12 ` Celeste Liu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox